Spam Blocker   anti - spam - tools .com
  Spam Filter Filter Spam without receiving it!
  Block Spam   HOME - ON-LINE HELP - DOWNLOAD - CONTACT ME



Detection of known latest active internet / email viruses

In this section I describe email viruses and their outstanding characteristics. This information lets you to detect incoming viruses and worms by Mail Box Dispatcher with ease...

 

THE SIMPLE BUT VERY IMPORTANT RECOMMENDATION!
Don't launch any unknown attachments from incoming e-mail messages!
File attachments is a most preferred transport of internet worms!

 

 

I-Worm.Bagle.B
Symptom #1: 'Subject' is 'ID <abra-kadabra>... thanks'.
(<abra kadabra> is a sequence of random characters)

Symptom #2: 'Body' is:
Yours ID <abra-kadabra>
--
Thank
(<abra kadabra> is a sequence of random characters)

Symptom #3: The attachment has a random name, with a file size of 11KB

I-Worm.Novarg (MyDoom)
Symptom #1: Has one of these subjects:
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error

Symptom #2: Has one of these bodys:
test

The message cannot be represented in 7-bit ASCII encoding
and has been sent as a binary attachment.

The message contains Unicode characters and has been sent
as a binary attachment.

Mail transaction failed. Partial message is available.

Symptom #3: Attached file has one of these names:
document
readme
doc
text
file
data
test
message
body

Symptom #4: The attachment may have one of the following extensions:
pif
scr
exe
cmd
bat

I-Worm.Mimail.i
Symptom #1: 'From' is: donotreply@paypal.com

Symptom #2: 'Subject' is: YOUR PAYPAL.COM ACCOUNT EXPIRES

Symptom #3: 'Body' is:
Dear PayPal member,
PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with this email address will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information.
We are taking these actions because we are implementing a new security policy on our website to insure everyone's absolute privacy. To avoid any interruption in PayPal services then you will need to run the application that we have sent with this email (see attachment) and follow the instructions. Please do not send your personal information through email, as it will not be as secure.
IMPORTANT! If you do not update your information with our secure application within the next five business days then we will be forced to deactivate your account and you will not be able to use your PayPal account any longer. It is strongly recommended that you take a few minutes out of your busy day and complete this now.
DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received.
Thank you for using PayPal.

Symptom #4: Has attachment: donotreply@paypal.com

I-Worm.Sober
Symptom #1: Has one of these subjects:
You send spam mails (Worm?)
A worm is on your computer!
Now, it's enough
You have sent me a virus!
Hi darling, what are you doing now?
Be careful! New mail worm
Re: Contact
RE: Sex
Sorry, I've become your mail
Hey man, long not see you
Re: lol
Viurs blocked every PC (Take care!)
Surprise
I've become your mail!
Advise who I am!
New Sobig-Worm variation (please read)
Back At The Funny Farm
I love you (I'm not a virus!)
Neuer Virus im Umlauf!
Sie versenden Spam Mails (Virus?)
Ein Wurm ist auf Ihrem Computer!
Langsam reicht es mir
Sie haben mir einen Wurm geschickt!
Hi Schnuckel was machst du so ?
VORSICHT!!! Neuer Mail Wurm
Re: Kontakt
RE: Sex
Sorry, Ich habe Ihre Mail bekommen
Hi Olle, lange niks mehr geh
Re: lol
Viurs blockiert jeden PC (Vorsicht!)
_berraschung
Ich habe Ihre E-Mail bekommen !
Jetzt rate mal, wer ich bin !?
Neue Sobig Variante (Lesen!!)
Back At The Funny Farm
Ich Liebe Dich

Symptom #2: Attached file has one of these names:
AntiVirusDoc.pif
Check-Patch.bat
Screen_Doku.scr
Removal-Tool.exe
Perversionen.scr
Bild.scr
robot_mail.scr
RobotMailer.com
Privat.exe
AntiTrojan.exe
Mausi.scr
NackiDei.com
Anti-Sob.bat
screen_doc.scr
potency.pif
perversion.scr
pic.scr
CM-Recover.com
playme.exe
robot_mailer.pif
little-scr.scr
security.pif
Funny.scr
Liebe.com
Odin_Worm.exe
anti_virusdoc.pif
check-patch.bat
removal-tool.exe
love.com
nacked.com
Hengst.pif
schnitzel.exe
anti-trojan.exe
NAV.pif

I-Worm.Sobig.f
Symptom #1: Has one of these subjects:
Re: That movie
Re: Wicked screensaver
Re: Your application
Re: Approved
Re: Re: My details
Re: Details
Your details
Thank you!
Re: Thank you!

Symptom #2: Message body has these strings:
See the attached file for details
Please see the attached file for details.

Symptom #3: Attached file has one of these names:
movie0045.pif
wicked_scr.scr
application.pif
document_9446.pif
details.pif
your_details.pif
thank_you.pif
document_all.pif
your_document.pif

I-Worm.Mimail
Symptom #1: 'From' field looks like: "admin@%email" , where %email is always different email address

Symptom #2: 'Subject' field has: "your account %string", where %string is always different string

Symptom #3: Body of message looks like:
"Hello there,

I would like to inform you about important information regarding your email address. This email address will be expiring.
Please read attachment for details.

---
Best regards, Administrator
---
"

Symptom #4: 'message.zip' file attached. It contains infected 'message.html' file.

I-Worm.Klez
Symptom #1: 'Subject' is randomly selected string from this list:
Hello
How are you?
Can you help me?
We want peace
Where will you go?
Congratulations!!!
Don't cry
Look at the pretty
Some advice on your shortcoming
Free XXX Pictures
A free hot porn site
Why don't you reply to me?
How about have dinner with me together?
Never kiss a stranger

Symptom #2: Has following body text:
" I'm sorry to do so,but it's helpless to say sory.
I want a good job,I must support my parents.
Now you have seen my technical capabilities.
How much my year-salary now? NO more than $5,500.
What do you think of this fact?
Don't call my names,I have no hostility.
Can you help me?"

I-Worm.Tanatos.a (Bugbear.a)
Symptom #1:Subject is one of the following strings:
Greets!
Get 8 FREE issues - no risk!
Hi!
Your News Alert
$150 FREE Bonus!
Re:
Your Gift
New bonus in your cash account
Tools For Your Online Business
Daily Email Reminder
News
free shipping!
its easy
Warning!
SCAM alert!!!
Sponsors needed
new reading
CALL FOR INFORMATION!
25 merchants and rising
Cows
My eBay ads
empty account
Market Update Report
click on this!
fantastic
wow!
bad news
Lost & Found
New Contests
Today Only
Get a FREE gift!
Membership Confirmation
Report
Please Help...
Stats
I need help about script!!!
Interesting...
Introduction
various
Announcement
history screen
Correction of errors
Just a reminder
Payment notices
hmm..
update
Hello!

Symptom #2: Attached file name is randomly selected and may have 'double extension'. Example: file.DOC.SCR

I-Worm.Swen
Symptom #1: Looks as it have been sent from Microsoft Services (Microsoft Internet Security Section, MS Technical Assistance).

Symptom #2: Message content suggests users to install a "special patch" from Microsoft. This "patch" (virus body) is attached to message.

"Webber" trojan
Symptom #1: "Webber" message has the following subject line: "Re: Your credit application"

Symptom #2: Body text in English, includes file attachment named "web.da.us.citi.heloc.pif". Virus File launches if user clicks on 'confuse'-web address.

 

  

Copyright © 2003-2006 Alex Kaul . All rights reserved.